Data Managment

Question 1

What information and laws are relaven to data protection?

Answer 1

Data Protection Act 2018
Freedom of Information Act 2000
IS09001
UKGDPR
GDPR
ICO
RICS Eletronic Data Managment - GN (Superseded to Isurv)

Question 2

What is the difference between GDPR, UKGDPR and DPA2018

Answer 2

GDPR introduced in 2018 and applies in EU
UKGDPR is the same but applies to UK, was retained when UK left EU and is updated for full application with UK Law
i.e ICO
DPA2018 - Supplements the UKGDPR

Question 3

What are the principles of GDPR

Answer 3

Lawfullness, transparency, accuary, proportionality, security and accountability

Question 4

What is the DPA2018?

Answer 4

Applies to all buisnesses that hadle data, supplements UK impletmention of UKGDPR

Sets out rights of indivials:

Access
Object
Erase
Inform
Portability
Rectify

Sets out obligations of firms:

Transparency
Accountability
Proportionality
Security
Intent
Accuary
Request

Sets out defintions of data controller and proccessor
ICO duties

Question 5

What is the ICO

Answer 5

Independant regulaotry body
Enforces DPA2018
Reviews register
Breaches must be reported to them within 72 hours

Question 6

What is the Freedom of Information Act 2000

Answer 6

Individuals have right to access data

Question 7

What are EMS?

Answer 7

Help companies to adhsre to DPA2018, different complexities

It includes numerous project folders
Allows collaberation
Version control
Recite issue
Drawing managment
Document retention

Question 8

Issues with EMS?

Answer 8

Access and copyright
Secuity
Confidentiality

Question 9

What is the data process?

Answer 9

Data created, shared, managed, stored, access, reused, archived / deleted

Question 10

Examples of primary and secondary data?

Answer 10

Primary = reports

Secondary = BCIS, Planning, NBS and SPONS

Question 11

Purpose of DPO?

Answer 11

Traning
Report breaches
Enforce data protection policy

Only mandatory for some organisations like public

Question 12

What is BIM, and the pros and cons?

Answer 12

Building Information Managment System

Mandated for public sector projects to level 2 in 2016

• Collect, store, manage, integrate data related to asset over lifecyle for improved collaberation amgost stakeholders, good for visualisation, but bad for portability cost and interoptability

Question 13

Who are the parties inolved in GDPR

Answer 13

Data Subject
Data Controller
Data Processor
Data Protection Officer
Supervusory Authority

Question 14

What are the penalties under GDPR and why might they occur?

Answer 14

Not informing of breach
Not maintaining records
Not being transpartent, proportionate, secrure, mishandling

2 Tiers as some violations are more serverve than others
€10 million, or 2% of the firm’s worldwide annual revenue
fine of up to €20 million, or 4%

Question 15

What does the ICO do?

Answer 15

• All organisations must register to ICO
• Breaches reported within 72 hours
• Maintains register
• Offers training
• Enforces DPA2018
• Fine of 17m or 4%, 8.7m or 2%

Question 16

What are the entities involved

Answer 16

• Subject
• Controller
• Processor
• Protection Officer
• Statutory Body